-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ryan Golhar wrote: (among other things.) Hi Ryan I have come into this thread rather late having just resubscribed to the list so hopefullly I am not repeating advice you have already received. Apologies if this is not the case. > I would like to use SELinux with RHEL 4. Its new and I�m gonna have to > learn it sooner or later. Well, RH do training courses (RHS427/9) covering this, although that is a fairly large expense if it is out of your personal pocket. There are also docs on the RH website: http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/selinux-guide/ > I suppose my problem is that I'm totally new to it and not sure how to > configure it to allow certain programs access to certain files. I > suspect this is only one piece of it and I'm sure I'm going to run into > a whole lot more. I've googled it and read some but most of what I've > found is overviews and white papers. Nothing that gives hands on > experience. Editing and customising policy is actually quite simple in what you need to do (a couple of text files usually suffice). Read the RH docs above for more information and be prepared for trial and error. You should also be aware that if you have a support agreement with RH Are you seeing SELinux error messages in your logs when you try to start mysqld? these will be in /var/log/messages and start avc: (actually, if you are running the audit daemon your selinux logs end up in /var/log/audit/audit.log) I suspect that the issue you are facing is not a broken policy as such, but probably mislabeled files are your MySQL databases in the standard location (probably somewhere in /var)? if so, you might try this: restorecon -v /location/of/mysql/db/files > > The only real useful thing I've found is http://seedit.sourceforge.net/, > but it�s a GUI tool and I'd rather stick to the shell. Be prepared for a little pain, in that case. SELinux is becoming far more user (well, admin-)friendly in FC5/6 - and thus also in RHEL5 when it arrives. also, seedit achieves what it does by simplifying the policy language and won't work too well with FC5/6 and RHEL5 Regards Stuart - -- Stuart Sears RHCA RHCX To err is human, to forgive is Not Company Policy. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFE4wv4amPtx1brPQ4RAnM/AJ9GRc89idjhi78ZYq7sFcwVMnNw6ACfQuI4 wnyYmf2BswwmDkLWgPLPxXw= =oIhR -----END PGP SIGNATURE----- -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
